实现Windows和centos7文件的上传共享,samba是最方便快捷的了
1、安装
# yum -y install samba samba-client samba-common
//或者使用rpm安装
#rpm -ivh samba-4.1.1-37.el7_0.src.rpm
//查看安装版本信息
# rpm -qi samba
Name :
samba
Epoch :
0
Version : 4.1.1
Release :
37.el7_0
Architecture: x86_64
Install Date: Mon 11 Aug 2014 05:10:39 PM CST
Group :
System Environment/Daemons
Size :
1657523
License :
GPLv3+ and LGPLv3+
Signature :
RSA/SHA256, Wed 06 Aug 2014 03:59:24 AM CST, Key ID 24c6a8a7f4a80eb5
Source RPM :
samba-4.1.1-37.el7_0.src.rpm
Build Date :
Wed 06 Aug 2014 03:33:22 AM CST
Build Host :
worker1.bsys.centos.org
Relocations : (not relocatable)
Packager :
CentOS BuildSystem
Vendor :
CentOS
URL : style="color:#333333;font-family:tahoma, 宋体;font-size:14px;line-height:22.3999996185303px;text-align:justify;white-space:normal;background-color:#FAFAFC;" />
Summary :
Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability
suite of programs for Linux and Unix.
Tips:也之前的SAMBA 3有一个重大的变化是:
security不再支持share
WARNING: Ignoring invalid value 'share' forparameter 'security'
2、配置
(1)、需要用户名密码的
创建共享目录(假设共享/smb目录下的文件)
# mkdir -p /smb/docs
# mkdir -p /smb/tech
配置内核参数
# ulimit -n 16384
# vi /etc/security/limits.conf
#在最后加入以下内容
* - nofile 16384
Tip: 这主要是避免在启动Samba时出现以下警告信息:
rlimit_max: increasing rlimit_max (1024) tominimum Windows limit (16384)
# cd /etc/samba/
//备份原有的配置文件
# cp smb.conf smb.conf.origin
# vi/etc/samba/smb.conf
删除原有所有内容,添加如下内容:
[global]
workgroup=BIGCLOUD
netbios name=ZZSRV2
server string=Samba Server
#security=share
security=user
map to guest = Bad User
[SHAREDOCS]
path=/smb/docs
readonly=yes
browseable=yes
guest ok=yes
[RDDOCS]
path = /smb/tech/
public = no
writable = yes
write list = @RD
validusers = @RD
创建用户并分配权限
//创建操作系统用户
# useraddalice
# useraddjack
# useradd tom
# useradd RD
//修改用户的组
# usermod -a-G RD alice
# usermod -a-G RD jack
# usermod -a-G RD tom
# id alice
uid=1000(alice) gid=1000(alice)groups=1000(alice),1003(RD)
//创建SAMBA用户
# smbpasswd-a alice
# smbpasswd-a jack
# smbpasswd-a tom
//修改目录权限
# chown RD:RD/smb/tech/
# chmod 770/smb/tech
//查看服务状态
# ll -d/smb/tech/
drwxrwx--- 2 RD RD 4096 Aug 11 17:08 /smb/tech/
# systemctlrestart smb
# systemctlenable smb
# systemctlstatus smb
smb.service - Samba SMB Daemon
Loaded: loaded(/usr/lib/systemd/system/smb.service; enabled)
Active: active (running) since Tue2014-08-12 11:38:29 CST; 14s ago
Main PID: 16807 (smbd)
Status: "smbd: ready to serveconnections..."
CGroup: /system.slice/smb.service
16807 /usr/sbin/smbd
16808 /usr/sbin/smbd
systemd[1]:Starting Samba SMB Daemon...
smbd[16807]:[2014/08/12 11:38:29.255341, 0]../lib/util/become_daemon.c:136(daemon_ready)
systemd[1]:Started Samba SMB Daemon.
smbd[16808]:STATUS=daemon 'smbd' finished starting up and ready to serve connectionsfailedto retrieve print...CCESSFUL
Hint:Some lines were ellipsized, use -l to show in full.
(2)不需要用户名密码,所有用户可以直接登入的
配置smb.conf home目录下共享
[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = centos
security = share
guest account = nobody
#============================ Share Definitions ==============================
[home]
path = /home/
browsable =yes
writable = yes
public ok = yes
read only = no
guest ok = yes
由于要设置匿名用户可以下载或上传共享文件,所以要给/share目录授权为nobody权限。
chown -R nobody:nobody /home/
设置目录权限
chmod 777 /home/
3、关闭防火墙
systemctl stop firewalld
永久关闭
systemctl disable firewalld
4、关闭selinux(很重要,不关闭无法打开)
vi/etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
这篇指南介绍了如何在CentOS7中配置匿名和安全的Samba服务器。Samba是一个开源/自由软件套件,提供无缝的文件和打印服务SMB/CIFS客户端.Samba是免费的,不像其他的SMB/CIFS的实现着,Samba允许在Linux/Unix服务器和给予Windows的客户端之间协同工作,
我有个一新安装的CentOS7 服务器,这是我要安装Samba服务器的机子。当然,你需要有一个windows机器来检查这台CentOS7的服务器是可被连接的。
我的CentOS7的服务器主机名:server1.example.com ,IP是:192.168.0.100
注意:Windows 机器必须和这台CentOS7在同一个工作组。可以用下面的命令来检查:
为了确保windows机器可以在窗口中处理类似的访问。在终端中添加服务器IP地址:
|
notepad C:\Windows\System32\drivers\etc\hosts
|
在我的例子中是这样保存的:
[...]
192.168.0.100 server1.example.com centos
|
首先我将解释安装Samba和匿名共享的方法。安装Samba运行
|
yum install samba samba-client samba-common
|
安装之后请备份一份原始的Samba配置文件:
1
|
mv /etc/samba/smb .conf /etc/samba/smb .conf.bak
|
然后来新建我们的conf文件:
vi /etc/samba/smb .conf
[global]
workgroup = WORKGROUP
server string = Samba Server % v
netbios name = centos
security = user
map to guest = bad user
dns proxy = no
[Anonymous]
path = /samba/anonymous
browsable = yes
writable = yes
guest ok = yes
read only = no
:wq
|
mkdir -p /samba/anonymous
systemctl enable smb.service
systemctl enable nmb.service
systemctl restart smb.service
systemctl restart nmb.service
|
在下面CentOs7的防火墙cmd会阻止Samba的访问,为了摆脱这个,我们运行:
[root@server1 ~]
success
[root@server1 ~]
[root@server1 ~]
success
[root@server1 ~]
|
现在你可以在Windows中访问CentOS7的共享文件了,在命令提示行中输入:
下面是浏览到的文件夹,如果你尝试着去创建一个文件,你会得到一个没有权限的错误信息、
检查这个共享文件夹的权限:
drwxr-xr-x. 2 root root 6 Jul 17 13:41 anonymous
[root@server1 samba]#
我们下面给匿名用户一个权限:
cd /samba
chmod -R 0755 anonymous/
chown -R nobody:nobody anonymous/
ls -l anonymous/
|
total 0
drwxr-xr-x. 2 nobody nobody 6 Jul 17 13:41 anonymous
[root@server1 samba]#
进一步我们需要配置Selinux
|
chcon -t samba_share_t anonymous/
|
现在我们可以浏览和创建文件了
在服务器上查看:
total 0
-rwxr--r--. 1 nobody nobody 0 Jul 17 16:05 anonymous.txt
[root@server1 samba]#
为了这个,我创建了一个组:smbgrp 和用户srijan通过认证来访问Samba服务器。
groupadd smbgrp
useradd srijan -G smbgrp
smbpasswd -a srijan
[root@server1 samba]
New SMB password:<--yoursambapasswordRetype new SMB password:<--yoursambapasswordAdded user srijan.
[root@server1 samba]
|
现在在Samba文件夹下创建一个文件夹:Secured ,并且给出权限:
同样的,我们允许Selinux来监听:
cd /samba
chmod -R 0777 secured/
chcon -t samba_share_t secured/
|
再次编辑配置文件:
vi /etc/samba/smb .conf
[...]
[secured]
path = /samba/secured
valid users = @smbgrp
guest ok = no
writable = yes
browsable = yes
systemctl restart smb.service
systemctl restart nmb.service
|
像下面这样测试:
testparm
[root@server1 samba]
Load smb config files from /etc/samba/smb .conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[Anonymous]"
Processing section "[secured]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions <--ENTER[global]
netbios name = CENTOS
server string = Samba Server % v
map to guest = Bad User
dns proxy = No
idmap config * : backend = tdb
[Anonymous]
path = /samba/anonymous
read only = No
guest ok = Yes
[secured]
path = /samba/secured
valid users = @smbgrp
read only = No
[root@server1 samba]
|
现在在windows机器中可以使用相应的凭证来查看文件夹。
你的用户srijan同样面对着写入权限的问题,让我们来给出权限:
cd /samba
chown -R srijan:smbgrp secured/
|
现在Samba用户在共享的目录中有写入的权限了,开始High吧.
注:
如果你的 chcon命令不成功,请按下面的方式尝试:
|
chcon -h system_u:object_r:forderA /path/to/B
|
阅读(1969) | 评论(0) | 转发(0) |